The first set of publications based on Edward Snowdens files were concerned
with surveillance of internet communication happening more indiscriminately
and on a much larger scale than previously thought. The more recent publications,
presenting the systematic undermining of cryptographic solutions and standards,
are the cause of much more substantial worry. As some of the leading UK
researchers in the field of cryptography and computer security we feel compelled
to comment on the recent revelations.

The UK and US governments recently dramatically increased the funding available
to various agencies to help protect our countries against Cyber Attack. Such
attacks are now commonplace on both corporations, and individuals. We now
all rely on cryptography to secure our mobile phones, credit cards, internet
communications etc. and because of this we welcome the governments
prioritization of this area in an era of fiscal squeeze. As researchers in
security we understand that the NSA and GCHQ are tasked with conducting
operations for purposes of national security.

However, the documents released show that NSA and GCHQ worked to weaken
international cryptographic standards, and to place "backdoors" into security
products; such backdoors could of course be potentially exploited by others
than the original creators. One of the prime missions of the security services
is to protect citizens and corporations from Cyber Attack. By weakening
cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses
into products which we all rely on to secure critical infrastructure, we
believe that the agencies have been acting against the interests of the public
that they are meant to serve. We find it shocking that agencies of both the
US and UK governments now stand accused of undermining the systems which
protect us. By weakening all our security so that they can listen in to the
communications of our enemies, they also weaken our security against our
potential enemies.

We call on the relevant parties to reveal what systems have been weakened
so that they can be repaired, and to create a proper system of oversight
with well-defined public rules that clearly forbid weakening the security
of civilian systems and infrastructures. The statutory Intelligence and Security
Committee of the House of Commons needs to investigate this issue as a matter
of urgency. In the modern information age we all need to have complete trust
in the basic infrastructure that we all use.